Insecure Direct Object Reference in IBM Cloud Pak System
CVE-2020-4918

2.3LOW

Key Information:

Vendor: IBM
Status: Cloud Pak System
Vendor: CVE Published:; 4 January 2021

Summary

IBM Cloud Pak System 2.3 is susceptible to an insecure direct object reference vulnerability, allowing a local privileged user to disclose sensitive information through the service console for the Platform System Manager. This flaw emphasizes the importance of securing user access and permissions to prevent data leakage.

Affected Version(s)

Cloud Pak System 2.3

References

https://www.ibm.com/support/pages/node/6393554

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/191392

vdb-entryx_refsource_XF

CVSS V3.1

Score:

2.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 4, 2021
Vulnerability Reserved
Dec 30, 2019